2021-01-17 01:09:41 +00:00
|
|
|
# Default values for dovecot.
|
|
|
|
# This is a YAML-formatted file.
|
|
|
|
# Declare variables to be passed into your templates.
|
|
|
|
|
|
|
|
replicaCount: 1
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
existingClaim: mailboxes
|
|
|
|
|
|
|
|
tls:
|
|
|
|
enabled: true
|
|
|
|
existingSecret: mail.example.com-secret
|
|
|
|
|
|
|
|
dovecot:
|
|
|
|
image:
|
2021-02-01 18:18:38 +00:00
|
|
|
repository: registry.geekhome.org/ghp/dovecot
|
2021-01-17 01:09:41 +00:00
|
|
|
tag: 2.3.8
|
|
|
|
pullPolicy: Always
|
|
|
|
configmaps:
|
|
|
|
dovecot:
|
|
|
|
dovecot: |
|
|
|
|
mail_max_userip_connections = 100
|
|
|
|
|
|
|
|
haproxy_trusted_networks = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
|
|
|
haproxy_timeout = 30s
|
|
|
|
dict {
|
|
|
|
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
|
|
|
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
|
|
|
}
|
|
|
|
|
|
|
|
# Most of the actual configuration gets included below. The filenames are
|
|
|
|
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
|
|
|
# in filenames are intended to make it easier to understand the ordering.
|
|
|
|
!include conf.d/*.conf
|
|
|
|
|
|
|
|
# A config file can also tried to be included without giving an error if
|
|
|
|
# it's not found:
|
|
|
|
!include_try local.conf
|
|
|
|
ldap: |
|
|
|
|
uris = ldaps://openldap.example.com
|
|
|
|
dn = uid=ldapbind,ou=services,dc=example,dc=com
|
|
|
|
dnpass = HARD_PASSWORD
|
|
|
|
auth_bind = yes
|
|
|
|
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com
|
|
|
|
tls = no
|
|
|
|
ldap_version = 3
|
|
|
|
base = ou=users,dc=example,dc=com
|
|
|
|
deref = never
|
|
|
|
scope = subtree
|
|
|
|
user_filter = (&(objectClass=posixAccount)(mail=%u))
|
|
|
|
user_attrs = cn=home=/home/vmail/%$
|
|
|
|
pass_filter = (&(objectClass=posixAccount)(mail=%u))
|
|
|
|
pass_attrs = uid=user,userPassword=password
|
|
|
|
confd:
|
|
|
|
auth-ldap: |
|
|
|
|
passdb {
|
|
|
|
driver = ldap
|
|
|
|
|
|
|
|
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
|
|
|
|
args = /etc/dovecot/ldap.conf
|
|
|
|
}
|
|
|
|
userdb {
|
|
|
|
driver = ldap
|
|
|
|
args = /etc/dovecot/ldap.conf
|
|
|
|
|
|
|
|
}
|
|
|
|
10-auth: |
|
|
|
|
auth_default_realm = example.com
|
|
|
|
auth_username_format = %Lu
|
|
|
|
auth_mechanisms = plain login
|
|
|
|
10-mail: |
|
|
|
|
mail_location = maildir:%h
|
|
|
|
namespace inbox {
|
|
|
|
inbox = yes
|
|
|
|
}
|
|
|
|
mail_uid = vmail
|
|
|
|
mail_gid = vmail
|
|
|
|
first_valid_uid = 1000
|
|
|
|
last_valid_uid = 1000
|
|
|
|
first_valid_gid = 1000
|
|
|
|
last_valid_gid = 1000
|
|
|
|
protocol !indexer-worker {
|
|
|
|
}
|
|
|
|
mbox_write_locks = fcntl
|
|
|
|
10-master: |
|
|
|
|
service imap-login {
|
|
|
|
inet_listener imap {
|
|
|
|
#port = 143
|
|
|
|
}
|
|
|
|
inet_listener imaps {
|
|
|
|
#port = 993
|
|
|
|
#ssl = yes
|
|
|
|
}
|
|
|
|
inet_listener imap_haproxy {
|
|
|
|
port = 1109
|
|
|
|
haproxy = yes
|
|
|
|
}
|
|
|
|
inet_listener imaps_haproxy {
|
|
|
|
port = 10993
|
|
|
|
ssl = yes
|
|
|
|
haproxy = yes
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service pop3-login {
|
|
|
|
inet_listener pop3 {
|
|
|
|
#port = 110
|
|
|
|
}
|
|
|
|
inet_listener pop3s {
|
|
|
|
#port = 995
|
|
|
|
#ssl = yes
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service lmtp {
|
|
|
|
inet_listener lmtp {
|
|
|
|
port = 24
|
|
|
|
}
|
|
|
|
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
|
|
|
mode = 0600
|
|
|
|
group = postfix
|
|
|
|
user = postfix
|
|
|
|
}
|
|
|
|
user = vmail
|
|
|
|
}
|
|
|
|
|
|
|
|
service imap {
|
|
|
|
}
|
|
|
|
|
|
|
|
service pop3 {
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth {
|
|
|
|
inet_listener {
|
|
|
|
port = 12345
|
|
|
|
}
|
|
|
|
unix_listener auth-userdb {
|
|
|
|
mode = 0660
|
|
|
|
user = vmail
|
|
|
|
#group =
|
|
|
|
}
|
|
|
|
|
|
|
|
# Postfix smtp-auth
|
|
|
|
unix_listener /var/spool/postfix/private/auth {
|
|
|
|
mode = 0660
|
|
|
|
user = postfix
|
|
|
|
group = postfix
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth-worker {
|
|
|
|
}
|
|
|
|
|
|
|
|
service dict {
|
|
|
|
unix_listener dict {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
10-ssl: |
|
|
|
|
ssl = required
|
|
|
|
ssl_cert = </tls/tls.crt
|
|
|
|
ssl_key = </tls/tls.key
|
|
|
|
10-logging: |
|
|
|
|
log_path = /dev/stderr
|
|
|
|
info_log_path = /dev/stdout
|
|
|
|
debug_log_path = /dev/stdout
|
|
|
|
|
|
|
|
service:
|
|
|
|
type: LoadBalancer
|
|
|
|
loadBalancerIP: ""
|
|
|
|
|
|
|
|
imagePullSecrets: []
|
|
|
|
nameOverride: ""
|
|
|
|
fullnameOverride: ""
|
|
|
|
|
|
|
|
serviceAccount:
|
|
|
|
# Specifies whether a service account should be created
|
|
|
|
create: true
|
|
|
|
# Annotations to add to the service account
|
|
|
|
annotations: {}
|
|
|
|
# The name of the service account to use.
|
|
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
|
|
name:
|
|
|
|
|
|
|
|
podSecurityContext: {}
|
|
|
|
# fsGroup: 2000
|
|
|
|
|
|
|
|
securityContext: {}
|
|
|
|
# capabilities:
|
|
|
|
# drop:
|
|
|
|
# - ALL
|
|
|
|
# readOnlyRootFilesystem: true
|
|
|
|
# runAsNonRoot: true
|
|
|
|
# runAsUser: 1000
|
|
|
|
|
|
|
|
|
|
|
|
resources: {}
|
|
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
|
|
# limits:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
# requests:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
|
|
|
|
nodeSelector: {}
|
|
|
|
|
|
|
|
tolerations: []
|
|
|
|
|
|
|
|
affinity: {}
|